The HIPAA Privacy Rule Checklist 2020

Ryan Stephens
hipaa-ready-dashboard

The HIPAA Privacy Rule and the HIPAA Security Rule make up the foundation of the HIPAA regulations. While a Security Rule checklist can be found on the web, many healthcare professionals wonder if there is a HIPAA Privacy Rule checklist too. This article includes a HIPAA Privacy Rule checklist which will help healthcare professionals to adhere to HIPAA’s regulations.

The HIPAA Privacy Rule in a flash

The HIPAA Privacy Rule sets the national standard for protecting an individual’s medical record and other personal health-related information. This Rule applies to HIPAA-covered entities, which includes health plans, healthcare clearinghouses, and those healthcare providers that conduct standard electronic healthcare transactions.

The Privacy Rule requires organizations to implement appropriate safeguards for protecting the privacy of Protected Health Information (PHI) and limit the use and disclosure of information that may be used without a patient’s consent. In short, it explains how healthcare professionals, lawyers, or anyone who has access to PHI, can or cannot use the data. Furthermore, the Rule allows patients to access their medical records, make copies, and corrections upon request.

For example, if a patient wants to share their information with someone else, the law requires a HIPAA PHI release form to be signed in order for the physician’s office to share the information. These are the kinds of scenarios that the HIPAA Privacy Rule covers.

The HIPAA Privacy Rule Checklist

This HIPAA Privacy Rule checklist will ensure that the PHI is properly protected while also allowing authorized parties to share and transmit information while delivering proper care:

  • Privacy policies and procedures

    Develop and implement written privacy policies and procedures for your practice in accordance with the HIPAA Privacy Rule. Develop guidelines stating who, when, how and under what circumstances the PHI be accessed, disclosed, or used.

  • Privacy officer

    Appoint a privacy officer to develop and implement the privacy policies. Assign a contact person who will be responsible for dealing with complaints and provide information to individuals about privacy practices.

  • Business Associate Agreement (BAA)

    Create and execute a BAA with all of the business associates who have access to the PHI.

  • Training and management of the workforce

    Training on privacy policies is required to be provided to everyone in the workforce, including physicians, volunteers, staff members, and others. Place appropriate disciplinary actions in place for anyone who violates the standards.

  • Safeguards

    Apply reasonable and appropriate technical, physical, and administrative safeguards to regulate proper use and disclosure of PHI. Appropriate safeguards can also ensure data is protected from security breaches. Methods may include proper shredding of documents, limiting access to authorized individuals, applying passwords, and implementing a biometric patient identification platform.

    what-information-does-hipaa-privacy-rule-protect

  • Anti-Retaliation and waiver policy

    There should be a solid guideline stating that your practice will not retaliate or intimidate any person who files a complaint or provides information regarding a HIPAA violation, or anyone who exercises his/her Privacy Rule rights. You do not have the right to ask individuals to waive their Privacy Rule rights as a condition for receiving treatments, payments, or enrollment aptness.

  • De-identification of PHI

    Have a de-identification policy in place. Under the HIPAA Privacy Rule, de-identification is the removal of specific identifiers that can be used alone or in combination with other information to identify a patient. Covered entities often wish to de-identify PHI for conducting research and participate in comparative studies. Once the PHI is de-identified, HIPAA Privacy Rule restrictions no longer apply.

  • Policies for handling complaints

    Set up procedures for individuals so that they can file complaints about its HIPAA practices, and inform everyone that complaints may also be reported to the Health Department (HHS).

  • Documentation trail

    Store and maintain documents that address all aspects of HIPAA, including policies, training, disposition of complaints, and other actions for at least a minimum of 6 years from their creation. A document trail also helps organizations when officials perform HIPAA audits.

Why worry when there is HIPAA Ready?

Invest in HIPAA Ready to ensure you meet your compliance requirements from one single platform. HIPAA Ready is HIPAA compliance software designed to ease your compliance management efforts, where you store and customize your policies, manage training efficiently, and keep track of all other compliance areas.

HIPAA Ready makes maintaining your HIPAA Privacy checklist easier. Start a free trial now and see how HIPAA Ready can work for your organization.

HIPAA Ready

HIPAA Ready

HIPAA Compliance Software

Features

Reduce Administrative Burden

Access to all information in a centralized space

Keep your team updated with regular information

Learn more
footer top

We use cookies to understand how you use our site and to improve your experience. By continuing to use our site, you accept our use of cookies as described in our revised   Privacy Policy